In the previous part of this series, we saw how to get started with Python Flask and MySQL and implemented the user registration portion of our application. In this tutorial, we'll take this to the next level by implementing the sign-in and logout functionality for our application.

As seen in the above code, we have read the posted email address and password into _username and _password. Now we'll call the sp_validateLogin procedure with the parameter _username. So create a MySQL connection inside the validateLogin method:

con = mysql.connect()

Once the connection has been created, create a cursor using the con connection.

cursor = con.cursor()

Using the cursor, call the MySQL stored procedure as shown:

cursor.callproc('sp_validateLogin',(_username,))

Get the fetched records from the cursor as shown:

data = cursor.fetchall()

If the data has some records, we'll match the retrieved password against the password entered by the user.

As seen in the above code, we have used a method called check_password_hash to check whether the returned password hash matches the password entered by the user. If it matches, we'll redirect the user to userHome.html. If there is any error, we'll display error.html with the error message.

Save all the changes and restart the server. Click on the Sign In link in the home page and try to sign in using a valid email address and password. On successful user validation, you should have a page as shown below:

On an unsuccessful user validation the user will be redirected to an error page as shown below:

Here we have used a separate error page to display the error. It's also fine if you want to use the same page to display the error message.

Restricting Unauthorized Access to the User Home Page

On successful user validation a user is redirected to the user home page. But right now even an unauthorized user can view the home page by simply browsing the URL http://localhost:5002/userHome.

To restrict unauthorized user access, we'll check for a session variable which we'll set on successful user login. So import session from flask:

from flask import session

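We also need to set a secret key for the session. Flask uses this key to sign the session cookie, so outside of a tutorial it should be a long random value that is kept out of source control. In app.py, after the app has been initialized, set the secret key as shown: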

app.secret_key = 'why would I tell you my secret key?'

Now, inside the validateLogin method, before redirecting the user to /userHome on successful sign-in, set the session variable as shown:

session['user'] = data[0][0]

Next, inside the userHome method, check for the session variable before rendering userHome.html. If the session variable is not found, redirect to the error page.

We have already set the href for the log out button to /logout. So save all the changes and restart the server. From the home page, click on Sign In and try to log in using a valid email address and password. Once signed in, click on the Logout button in user home and you should be successfully logged out from the application.
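The sign-in, session check and logout steps described above, put together as an added example (not code from the original tutorial): an in-memory dictionary stands in for the sp_validateLogin call so the flow runs without MySQL, and plain 401 responses stand in for error.html. The form field names inputEmail and inputPassword, the FLASK_SECRET_KEY variable, the login_required and fetch_user helpers, and the column order of the returned row are assumptions.

```python
import os
from functools import wraps
from flask import Flask, session, redirect, request
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
# Assumption: key supplied via environment; random per-process fallback.
app.secret_key = os.environ.get("FLASK_SECRET_KEY") or os.urandom(32)
app.config.update(SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE="Lax")

# Constructed stand-in for rows returned by sp_validateLogin; the column
# order (id, name, email, password hash) is an assumption.
USERS = {"alice@example.com": (1, "Alice", "alice@example.com",
    generate_password_hash("correct horse", method="pbkdf2:sha256"))}

def fetch_user(email):
    row = USERS.get(email)
    return [row] if row else []

def login_required(view):
    @wraps(view)
    def wrapper(*args, **kwargs):
        if "user" not in session:
            return "Unauthorized Access", 401
        return view(*args, **kwargs)
    return wrapper

@app.route("/validateLogin", methods=["POST"])
def validateLogin():
    _username = request.form.get("inputEmail", "")
    _password = request.form.get("inputPassword", "")
    data = fetch_user(_username)
    # Same response for unknown user and wrong password.
    if not data or not check_password_hash(data[0][3], _password):
        return "Wrong email address or password", 401
    session.clear()  # discard any pre-login session state
    session["user"] = data[0][0]
    return redirect("/userHome")

@app.route("/userHome")
@login_required
def userHome():
    return "Welcome, user %d" % session["user"]

@app.route("/logout")
def logout():
    session.pop("user", None)
    return redirect("/")
```

Putting the session check in a decorator means every later page that needs a signed-in user gets the same guard by adding one line above its view function.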

Conclusion

In this part of the tutorial, we saw how to implement the user login and logout functionality. We also saw how to restrict unauthorized access to application pages. In the next part of this tutorial, we'll implement the functionality for the logged-in user to add and edit a blog post in the application.